🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Rafie Muhammad

Rafie Muhammad

Organization: Patchstack

All Time Ranking

381

All Time Discoveries

Showing 1-20 of 381 Vulnerabilities

Element Pack Elementor Addons <= 5.5.3 - Authenticated (Contributor+) SQL Injection

9.9

CVE-2024-30496

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

WP Cost Estimation & Payment Forms Builder <= 10.1.75 - Authenticated (Contributor+) SQL Injection

9.9

CVE-2024-30489

Mar 28, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

WooCommerce Follow-Up Emails <= 4.9.40 - Authenticated Arbitrary File Upload in Template Editing

9.9

CVE-2023-33318

May 22, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.60 - Arbitrary File Upload in File Manager

9.9

CVE-2023-31090

May 22, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Rehub <= 19.6.1 - Unauthenticated Local File Inclusion

9.8

CVE-2024-31231

Apr 3, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Automatic <= 3.92.0 - Unauthenticated SQL Injection

9.8

CVE-2024-27956

Mar 13, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Premmerce Permalink Manager for WooCommerce <= 2.3.10 - Unauthenticated Local File Inclusion

9.8

CVE-2024-27971

Mar 13, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Automatic <= 3.92.0 - Unauthenticated Arbitrary File Download and Server-Side Request Forgery

9.8

CVE-2024-27954

Mar 13, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Pie Register <= 3.8.3.1 - Unauthenticated Arbitrary File Upload

9.8

CVE-2024-27957

Mar 13, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Engine: ChatGPT Chatbot <= 1.9.98 - Unauthenticated Arbitrary File Upload via rest_upload

9.8

CVE-2023-51409

Jan 9, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Barcode Scanner with Inventory & Order Manager <= 1.5.1 - Unauthenticated SQL Injection via userToken

9.8

CVE-2023-52215

Jan 8, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Barcode Scanner with Inventory & Order Manager <= 1.5.1 - Unauthenticated Arbitrary File Upload via uploadFile

9.8

CVE-2023-52221

Jan 8, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Taggbox <= 3.1 - Unauthenticated PHP Object Injection

9.8

CVE-2023-52225

Jan 5, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WooCommerce Tranzila Gateway <= 1.0.8 - Unauthenticated PHP Object Injection

9.8

CVE-2023-52218

Jan 5, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Theme per user <= 1.0.1 - Unauthenticated PHP Object Injection

9.8

CVE-2023-52181

Dec 29, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

BERTHA AI Plugin <= 1.11.10.7 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-51419

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Rencontre – Dating Site <= 3.10.1 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-51468

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Piotnet Forms Plugin <= 1.0.28 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-51412

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Checkout Mestres WP <= 7.1.9.6 - Unauthenticated SQL Injection

9.8

CVE-2023-51469

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Rencontre – Dating Site <= 3.10.1 - Privilege Escalation

9.8

CVE-2023-51425

Dec 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Element Pack Elementor Addons <= 5.5.3 - Authenticated (Contributor+) SQL Injection	CVE-2024-30496	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	March 28, 2024
WP Cost Estimation & Payment Forms Builder <= 10.1.75 - Authenticated (Contributor+) SQL Injection	CVE-2024-30489	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	March 28, 2024
WooCommerce Follow-Up Emails <= 4.9.40 - Authenticated Arbitrary File Upload in Template Editing	CVE-2023-33318	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	May 22, 2023
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.60 - Arbitrary File Upload in File Manager	CVE-2023-31090	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	May 22, 2023
Rehub <= 19.6.1 - Unauthenticated Local File Inclusion	CVE-2024-31231	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 3, 2024
Automatic <= 3.92.0 - Unauthenticated SQL Injection	CVE-2024-27956	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 13, 2024
Premmerce Permalink Manager for WooCommerce <= 2.3.10 - Unauthenticated Local File Inclusion	CVE-2024-27971	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 13, 2024
Automatic <= 3.92.0 - Unauthenticated Arbitrary File Download and Server-Side Request Forgery	CVE-2024-27954	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 13, 2024
Pie Register <= 3.8.3.1 - Unauthenticated Arbitrary File Upload	CVE-2024-27957	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 13, 2024
AI Engine: ChatGPT Chatbot <= 1.9.98 - Unauthenticated Arbitrary File Upload via rest_upload	CVE-2023-51409	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 9, 2024
Barcode Scanner with Inventory & Order Manager <= 1.5.1 - Unauthenticated SQL Injection via userToken	CVE-2023-52215	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 8, 2024
Barcode Scanner with Inventory & Order Manager <= 1.5.1 - Unauthenticated Arbitrary File Upload via uploadFile	CVE-2023-52221	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 8, 2024
Taggbox <= 3.1 - Unauthenticated PHP Object Injection	CVE-2023-52225	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 5, 2024
WooCommerce Tranzila Gateway <= 1.0.8 - Unauthenticated PHP Object Injection	CVE-2023-52218	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 5, 2024
Theme per user <= 1.0.1 - Unauthenticated PHP Object Injection	CVE-2023-52181	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 29, 2023
BERTHA AI Plugin <= 1.11.10.7 - Unauthenticated Arbitrary File Upload	CVE-2023-51419	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Rencontre – Dating Site <= 3.10.1 - Unauthenticated Arbitrary File Upload	CVE-2023-51468	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Piotnet Forms Plugin <= 1.0.28 - Unauthenticated Arbitrary File Upload	CVE-2023-51412	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Checkout Mestres WP <= 7.1.9.6 - Unauthenticated SQL Injection	CVE-2023-51469	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023
Rencontre – Dating Site <= 3.10.1 - Privilege Escalation	CVE-2023-51425	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 27, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation